[Webkit-unassigned] [Bug 200863] Crash in JSC::SlotVisitor::visitChildren

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 15 05:56:28 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=200863

--- Comment #16 from Krzysztof Konopko <kris at youview.com> ---
(In reply to Krzysztof Konopko from comment #15)
> (In reply to Mark Lam from comment #13)
> > 4. Does it reproduce with a Debug build?
> > 
> >    Helps make things easier to debug.
> >    Plus enable a lot more assertions to check invariants.
> > 
> 
> Yes, although it's more difficult to reproduce, and I haven't managed to
> reproduce it with the simplified example attached.  It was reproducible with
> a bigger web app though and many other things going on.  The crash looked
> the same.

I take this one back.  I double-checked our issue tracker and this has not been reproduced on a Debug build.  The best we got is a Release build with debug symbols.

Certainly in Debug builds a lot of functions are not inlined, therefore stack allocation looks different and all the timings look different (also incurred by more function calls).

Personally I suspect this might be related to some object(s) (memory) being allocated on the stack and used after that bit of stack is released.  Of course the use of the stack may be intended, but with a missing barrier somewhere, the object (memory) goes out of scope while (still) being processed on another thread.
